Deploying USB Devices in a Secure Horizon 7 Environment

<

USB devices can be vulnerable to a security threat called BadUSB, in which the firmware on some USB devices can be hijacked and replaced with malware. For example, a device can be made to redirect network traffic or to emulate a keyboard and capture keystrokes. You can configure the USB redirection feature to protect your Horizon 7 deployment against this security vulnerability.

By disabling USB redirection, you can prevent any USB devices from being redirected to your users' Horizon 7 desktops and applications. Alternatively, you can disable redirection of specific USB devices, allowing users to have access only to specific devices on their desktops and applications.

The decision whether to take these steps depends on the security requirements in your organization. These steps are not mandatory. You can install USB redirection and leave the feature enabled for all USB devices in your Horizon 7 deployment. At a minimum, consider seriously the extent to which your organization should try to limit its exposure to this security vulnerability.

Some highly secure environments require you to prevent all USB devices that users might have connected to their client devices from being redirected to their remote desktops and applications. You can disable USB redirection for all desktop pools, for specific desktop pools, or for specific users in a desktop pool.

Some users might have to redirect specific locally-connected USB devices so that they can perform tasks on their remote desktops or applications. For example, a doctor might have to use a Dictaphone USB device to record patients' medical information. In these cases, you cannot disable access to all USB devices. You can use group policy settings to enable or disable USB redirection for specific devices.